Method and system for transmitting data from a first data processing device to a second data processing device

ABSTRACT

A method and a system for transmitting data from a first data processing device to a second data processing device, wherein the first data processing device has a display device. The second data processing device generates an encrypted input mask and transmits it to the first data processing device which displays it. The encrypted input mask is decrypted by being viewed through an optical filter having a decryption pattern, and the data to be transmitted are input to the first data processing device using the input mask that has been decrypted by the optical filter and are transmitted to the second data processing device.

RELATED APPLICATIONS

The present application is a continuation of U.S. application Ser. No. 12/084,516, filed May 2, 2008, which is a U.S. National Stage Application of International Application No. PCT/EP2006/068081, filed Nov. 3, 2006, which claims priority from European Patent Application No. 05024082.9, filed Nov. 4, 2005 and German Patent Application No. 10 2005 061999.1, filed Dec. 23, 2005, said patent applications hereby fully incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to a method and system for transmitting data from a first data processing device to a second data processing device, where the first data processing device particularly comprises a display device. Furthermore, the invention relates to an online banking method and a method for authenticating a user to a third party, in particular an e-commerce provider.

BACKGROUND OF THE INVENTION

The secure transmission of data is very important in connection with networked data processing devices. Particularly when confidential data are transmitted from one data processing device to another data processing device over a world wide network like the Internet, there is an especially high risk of third parties attempting to gain knowledge of security-relevant or confidential data or attempting to exploit the transmission of these data for their own purposes. For the protection of sensitive data or online commercial transactions with an e-commerce provider on the Internet, often a plain username and personal password input is used. After the user has authenticated himself by entering these data, for example, the online commercial transaction with the e-commerce provider is processed. This process has the disadvantage that third parties can conduct online commercial transactions on behalf of the legitimate user if they have gained access to the user's username and personal password.

The following methods are known by which unauthorized third parties can illegitimately obtain confidential data from users:

A user is directed via a link to a fake website where he enters his username and password (so-called “phishing”). Furthermore, it is known to direct a user, e.g. by manipulating a DNS (Domain Name System) server, to a fake website that leads to a fake server even when the correct website address (URL) is manually entered (so-called “pharming”). Furthermore, it is known to either intercept the data sent from the user to a server and forward them instead of the original data in a modified context, or to copy these data and resend them to the server at a later point in time in a modified context (so-called “replay attack”).

Furthermore, there are programs that record keyboard strokes and transmit them to unauthorized third parties over the Internet. It is also known to additionally record and unauthorizedly transmit to third parties the actions of screen selection devices like e.g. an electronic mouse or a touchpad in combination with the corresponding screen contents. These methods are known as “keylogging”.

Finally, it is known to unnoticeably redirect the data traffic between the two data processing devices that exchange the security relevant data via a computer of an unauthorized third party in a way that the data traffic passes through this computer, which enables the tapping or manipulation of the data traffic. Here, the intermediary computer can impersonate the server towards the user's data processing device and impersonate the user towards the server and forward either one's data to the other while tapping and/or modifying information. This method is known as “man-in-the-middle attack”.

The above-mentioned methods for unauthorizedly obtaining security relevant or confidential data are often used in combination. In order to better protect the data transmission, there are more secure transmission methods, especially in the field of online banking or corporate network login, that combine the knowledge of a specific personal password with the possession of a specific authentication medium. These methods are known as “two-factor authentication”.

In the simplest case, the user has a list with transaction numbers (TAN). The transaction numbers can be indexed if necessary. Furthermore, there are devices that generate a one-time password which is then entered for the transaction. This method is essentially equivalent to the method in which indexed transaction numbers are used. For each online banking transaction, in addition to his password, the user enters a transaction number that is valid only once. A transaction in which a simple transaction number is used is primarily susceptible to the above-mentioned “phishing” and “pharming” methods. If an indexed transaction number or a one-time password is used, the method is still susceptible to the “man-in-the-middle attack”.

Furthermore, there are methods known in which a passive storage medium, e.g. a CD-ROM, or an active processor medium like a chip card or a USB stick with integrated smart card are used for authentication. The processor medium is coupled with the user's computer, whereupon it communicates with the bank server e.g. by a “challenge/response” method. Though these methods are secure against the above-mentioned methods for the unauthorized obtaining of security relevant data or the unauthorized conducting of or tampering with transactions, the implementation and operation of such systems involve high hardware costs. Even when low-cost storage or processor media are used, and readers or interfaces that are already provided for other purposes in the user's computer, there is the problem that the usability is mostly not guaranteed at arbitrary computers at arbitrary places. Moreover, additional software and hardware, if applicable, must be laboriously installed before these methods can be used.

US 2001/0026248 A1 describes a method by which the screen display of a computer is modified in a way that the screen content can only be read when the screen is viewed through a special optical filter. Thus, the screen content, in particular, cannot be read by a third person who does not possess this special optical filter. The method described in this publication is intended to prevent unauthorized third parties from reading the information displayed on the computer screen. However, it does not disclose a method for securely transmitting data from a first data processing device to a second data processing device. While input into a computer cannot be read by unauthorized third parties, a potential transmission of these data to another data processing device would be unsecured.

SUMMARY OF THE INVENTION

The aim of the present invention is to provide a method and system of the above-mentioned kind for enabling a secure transmission of data between two data processing devices. At the same time, the system shall be implementable in a cost-saving manner and the method shall be operable in a cost-saving manner.

This problem is solved by the claimed invention.

According to a first aspect of the method according to the invention, the second data processing device generates encrypted input instructions and transmits these to the first data processing device. The first data processing device displays the encrypted input instructions. The encrypted input instructions are decrypted by being viewed through an optical filter having a decryption pattern. The data to be transmitted are input into the first data processing device by using the input instructions that have been decrypted by the optical filter and are transmitted to the second data processing device.

Using the optical filter with the decryption pattern, in the possession of a user, provides a method by which data can be transmitted very securely. Essentially, the same security standards are achieved that are provided by methods using active processor media, e.g. a chip card. The method is thus secure against the above-mentioned “phishing” and “pharming” methods. Moreover, the method provides protection against the above-mentioned “replay attacks” or “keylogging” methods, as the data input only makes sense to a third party if the third party knows the decryption pattern. Finally, the method can be implemented and operated in a very cost-saving manner. An optical filter with a decryption pattern can be manufactured very inexpensively. Moreover, no special readers, as is the case with e.g. chip cards, are required, because the display device of the first data processing device is used as a “reader”.

In this context, the term “input instruction” refers to any kind of information that either contains data that a user is supposed to enter or contains instructions as to how a user is supposed to enter data known to him into the first data processing device. For example, a specific code can be displayed in encrypted form that is entered in a conventional manner into the first data processing device upon decryption effected by the optical filter. Furthermore, instructions can be displayed in encrypted form that tell the user how to generate the data to be transmitted. It is further possible that just an input mask is displayed which becomes visible upon decryption by the optical filter and into which the user enters data known to him. For example, the input mask can consist of an array of numeric characters or an alphanumeric keyboard, with the character layout potentially varying for each input mask.

In the context of the invention, the term “optical filter” refers to a device that optically modifies the displayed input instructions, thereby rendering them understandable for the user. The optical filter can be a color filter, polarization filter or pattern which decrypts the input instructions when optically overlaying them. Furthermore, the optical filter can also be a template that singles out specific areas of the displayed input instructions, thus decrypting the input instructions.

According to a preferred embodiment of the method according to the invention, the input instructions are encrypted depending on the filter's decryption pattern. In doing so, the input instructions can be altered at least once per connection session between the two data processing devices. Furthermore, the input instructions can be altered for each data transmission.

According to a preferred further embodiment of the method according to the invention, the input instructions are an input mask. The data to be transmitted are entered into the first data processing device via the input mask decrypted by the optical filter. In particular, the data input at the first data processing device is effected by sequentially selecting areas of the displayed input mask. The decrypted input mask, for example, shows a keyboard on the display device. The keyboard positions can then be selected e.g. with an electronic mouse or a touchpad or other screen input devices, thereby entering the data. Furthermore, the decrypted input mask could additionally comprise instructions as to how the data are to be entered into a keyboard. In particular, these measures provide protection against methods of recording keyboard strokes or screen input and transmitting it to unauthorized third parties.

The decryption pattern is e.g. a binary image pattern. When generating the encrypted input instructions, initially a binary image pattern complementary to the decryption pattern can be generated. At those pixels of this complementary image pattern that shall represent the input instructions, the pixel state is then reversed so that their state matches the state of their corresponding pixels in the decryption pattern. Conversely, also a binary bit pattern identical to the decryption pattern could be created initially. At those pixels of this pattern that shall represent the input instructions, the pixel state is then reversed so that their state is complementary to the state of their corresponding pixels in the decryption pattern. Thus, the encrypted input instructions can be generated very easily at the second data processing device. The only requirement is that the decryption pattern of the optical filter of the respective user is known. This decryption pattern or information about this pattern can be stored by the second data processing device when the optical filter with this pattern is sent to a user. Thus, the input instructions are preferably displayed graphically in the form of a pattern.

Generally, the pattern to be displayed, containing the encrypted input instructions, is generated from a given decryption pattern as follows:

An input mask shown e.g. in black and white can be interpreted as a matrix consisting of logical yes-values for black pixels and logical no-values for white pixels. A randomly generated red-green transparency pattern can be interpreted as a matrix consisting of logical yes-values for green pixels and logical no-values for red pixels. During encryption, deriving a red-green display pattern A from the red-green transparency pattern (decryption pattern) F is effected by reversing the color of a transparency pattern pixel from red to green or from green to red in those places where pixels with an equivalent position in the input mask E are black. This operation can be represented as an XOR function between F and E in Boolean algebra. Hence, A = F XOR E or, respectively, A = E XOR F is valid for all corresponding points in the respective matrices (the XOR function is commutative).

During decryption, the overlay of the red-green display pattern with the red-green decryption pattern of the optical filter again effects an XOR operation if a resulting bright (i.e. red or green) pixel is interpreted as a logical no and a resulting dark (i.e. black) pixel is interpreted as a logical yes. Hence, the perceivable result R equals A XOR F. From A = E XOR F and R = A XOR F follows: R = (E XOR F) XOR F. As the XOR function is also associative, R = E XOR (F XOR F) is valid as well. Hence follows R = E. The perceivable result corresponds to the input mask.

According to a preferred further embodiment of the method according to the invention, the decryption pattern comprises areas that are not being used for decryption and use areas embedded therein. In this case, the encrypted input instructions are generated by creating—for those areas that are not being used for decryption—a pattern independent from the decryption pattern, particularly a random pattern. Therefore, the use areas contain the encrypted input instructions, and the areas not used for decryption contain random patterns.

The XOR operation between the display pattern, i.e. the encrypted input instructions, and the decryption pattern gives rise to the problem that an unauthorized third party can draw inferences regarding the decryption pattern if he gains knowledge of more than two different display patterns. With the further embodiment of the invention, the position, shape and size of the use areas are a secret of the decryption pattern, i.e. this information is not known to unauthorized third parties. The aforementioned is an individual feature of the decryption pattern. With respect to the choice of how to render the display pattern, one is bound to the decryption pattern only in those areas that are being used for the input instructions. Only in these use areas must a binary picture pattern complementary to or identical with the decryption pattern be generated in which single pixels are modified according to the input instructions. Those areas of the decryption pattern that are not being used for decryption can comprise e.g. a black coloring so that they are masked. Thus, the random pattern displayed in these areas of the display pattern is no longer visible after decryption by the decryption pattern. Therefore, this random pattern can be modified with each transaction. If an unauthorized third party gained knowledge of the display patterns of two independent transactions and overlaid them, the non-used areas would again show a random pattern. Within the use areas of the display pattern, the overlaid encrypted input instructions of the transactions would indeed emerge. However, as they are embedded within the random pattern and as the unauthorized third party does not know where the use areas are, which shape they have and how large they are, a decryption is made substantially difficult or impossible.
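The red-green XOR construction (A = E XOR F on the server, R = A XOR F = E through the filter) and the use-area embodiment just described are illustrated by the following Python script. It is an added example, not code from the patent or its applicant; the 6x6 filter, the rectangular use area, the two input masks and the 0/1 encoding of colours are constructed for the example, following the reading the text gives (green/black = 1, red/white = 0).

```python
import secrets

# Binary patterns are lists of rows of 0/1 values, using the document's reading:
#   decryption pattern F : 1 = green pixel, 0 = red pixel
#   input mask E         : 1 = black pixel, 0 = white pixel
#   display pattern A    : 1 = green pixel, 0 = red pixel
# A "use area" is the set of (row, col) positions the filter really decrypts;
# its position, shape and size are part of the filter's secret.


def rect_use_area(top, left, height, width):
    """Rectangular use area as a set of (row, col) coordinates (constructed shape)."""
    return {(r, c) for r in range(top, top + height) for c in range(left, left + width)}


def encrypt(mask, filt, use_area):
    """Server side: A = E XOR F inside the use area (flip the transparency colour
    wherever the mask pixel is black); outside it, fresh random bits unrelated to F."""
    rows, cols = len(filt), len(filt[0])
    return [[(mask[r][c] ^ filt[r][c]) if (r, c) in use_area else secrets.randbelow(2)
             for c in range(cols)] for r in range(rows)]


def decrypt(display, filt, use_area):
    """Optical overlay: differing colours give a dark pixel (1), equal colours a
    bright one (0), i.e. R = A XOR F = E; the filter's non-use areas are opaque
    black, so the random bits displayed there are simply masked out."""
    rows, cols = len(filt), len(filt[0])
    return [[(display[r][c] ^ filt[r][c]) if (r, c) in use_area else 1
             for c in range(cols)] for r in range(rows)]


def overlay(display1, display2):
    """What an eavesdropper holding two captured display patterns can compute:
    A1 XOR A2, which equals E1 XOR E2 inside the use area and noise elsewhere."""
    return [[a ^ b for a, b in zip(r1, r2)] for r1, r2 in zip(display1, display2)]


def equal_in_area(p, q, area):
    """True if the two patterns agree on every pixel of the given area."""
    return all(p[r][c] == q[r][c] for (r, c) in area)


def render(pattern, on="#", off="."):
    """Text rendering of a pattern for a quick visual check."""
    return "\n".join("".join(on if v else off for v in row) for row in pattern)


# Constructed sample data: a 6x6 filter with a 4x4 use area and two input masks
# (an "L" and a "T"), standing in for two transactions with the same filter.
FILTER = [
    [0, 1, 1, 0, 1, 0],
    [1, 0, 0, 1, 1, 1],
    [0, 0, 1, 1, 0, 1],
    [1, 1, 0, 0, 1, 0],
    [0, 1, 1, 1, 0, 0],
    [1, 0, 1, 0, 0, 1],
]
USE_AREA = rect_use_area(1, 1, 4, 4)
MASK_L = [
    [0, 0, 0, 0, 0, 0],
    [0, 1, 0, 0, 0, 0],
    [0, 1, 0, 0, 0, 0],
    [0, 1, 0, 0, 0, 0],
    [0, 1, 1, 1, 0, 0],
    [0, 0, 0, 0, 0, 0],
]
MASK_T = [
    [0, 0, 0, 0, 0, 0],
    [0, 1, 1, 1, 0, 0],
    [0, 0, 1, 0, 0, 0],
    [0, 0, 1, 0, 0, 0],
    [0, 0, 1, 0, 0, 0],
    [0, 0, 0, 0, 0, 0],
]


def demo():
    """Encrypt two masks, decrypt one, and check what two captured displays leak."""
    a1 = encrypt(MASK_L, FILTER, USE_AREA)
    a2 = encrypt(MASK_T, FILTER, USE_AREA)
    r1 = decrypt(a1, FILTER, USE_AREA)
    leak = overlay(a1, a2)
    e1_xor_e2 = [[x ^ y for x, y in zip(ra, rb)] for ra, rb in zip(MASK_L, MASK_T)]
    return {
        "decrypts_correctly": equal_in_area(r1, MASK_L, USE_AREA),
        "leak_equals_E1_xor_E2_in_use_area": equal_in_area(leak, e1_xor_e2, USE_AREA),
    }


if __name__ == "__main__":
    print(render(decrypt(encrypt(MASK_L, FILTER, USE_AREA), FILTER, USE_AREA)))
    print(demo())
```

`demo()` confirms both halves of the argument: viewing through the filter restores the mask inside the use area, and the XOR of two captured display patterns equals E1 XOR E2 there while the surrounding pixels are fresh noise each time. Without knowing where the use area is, the eavesdropper cannot tell the structured region from the random one, which is the reason the text gives for keeping position, shape and size of the use areas secret.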

According to a further preferred embodiment of the method according to the invention, the input instructions are displayed as a symbol matrix. In this case, the optical filter with the decryption pattern is a template that highlights positions of the symbol matrix of the input instructions and furthermore preferably shows a sequential order of the highlighted symbols. In this case, the input areas are preferably decoupled from the use areas, i.e. the decryption pattern shows where a selection has to be performed on the display in order to select a specific symbol.

According to a modification of this embodiment, the symbol matrix is not displayed in the encrypted input instructions. Rather, the symbol matrix is contained in the decryption pattern, preferably with a binary coding, particularly a binary color coding, being used additionally. In this case, the input instructions merely contain a binary coding, particularly a binary color coding.

According to a further embodiment of the method according to the invention, both the input instructions and the decryption pattern comprise, in different areas, a symbol matrix, which preferably is additionally color coded. By collating the symbols in the input instruction area and in the decryption pattern area, the user can authenticate himself. It is particularly preferable about this embodiment that the user can generate the input instructions by himself and transmit them to the second data processing device together with the collation. If the user's decryption pattern is stored at the second data processing device, the second data processing device can authenticate the user by means of the input instructions and the collation. Notably, it is therefore not necessary in this method variant that the second data processing device generates the encrypted input instructions and transmits them to the first data processing device.

According to a preferred embodiment of the method according to the invention, the input instructions comprise a code that, upon decryption effected by the optical filter, is entered into the first data processing device and transmitted to the second data processing device. From the code transmission it can be inferred that the user is in possession of the optical filter with the decryption pattern.

According to a further preferred embodiment of the method according to the invention, in order to align the displayed encrypted input mask to the filter, positions of alignment aids of the filter are selected at the display device and the selection is transmitted to the second data processing device. The input instructions are then generated and/or displayed depending on the selected positions. It is thus possible to individually adjust the input instructions for each data transmission to the display device currently used. This enables a user to perform the data transmission totally independent of location and device. The data processing device used only needs to have a display device.

According to the invention, there is further proposed a method for authenticating a user to an e-commerce provider or to another data processing device. In this method, the user enters a personal code into his data processing device. This code is then transmitted to the e-commerce provider's data processing device. Here, the input and transmission of this personal code of the user is effected by the method according to the invention according to the first aspect as described above.

According to the invention, there is further proposed an online banking method in which a user authenticates to a bank server and then enters the data necessary for an online money transfer procedure, and in which these data are then transmitted to the bank server. In this process, the user's authentication and the input and transmission of at least a part of the data relevant for the online money transfer procedure, e.g. beneficiary, account number and/or amount, is performed by the above-described method according to the invention according to the first aspect. Thus, the user can also protect himself against so-called “man-in-the-middle attacks” in online banking.

Finally, according to another embodiment, the data relevant for the online money transfer procedure, e.g. beneficiary, account number and/or amount, could be entered in a conventional manner. After that, a confirmation presentation, with an instruction as to how a confirmation is to be entered, is displayed using the above-described method according to the invention. The confirmation is then, upon decryption of the confirmation presentation, entered by the user on the basis of the instruction and finally transmitted to the bank server.

In a conventional online money transfer procedure, an intermediary computer of an unauthorized third party could, e.g. during the login procedure, leave the data unchanged in both directions and immediately forward them. Thus, an unauthorized third party could pass the login procedure and manipulate the subsequent communication, e.g. by modifying the amount and beneficiary data of the online money transfers. In the conventional online money transfer procedure, the unauthorized third party could also pretend to the user that the correct money transfer had been effected. In the online banking method according to the invention, these manipulations are not possible, as all security relevant data can be entered via the encrypted input instructions, so that also an effective protection against “man-in-the-middle attacks” can be provided.

The system according to the invention, for transmitting data from a first data processing device to a second data processing device according to a first aspect of the invention, is characterized in that an optical filter for the display device of the first data processing device is provided, which filter includes a decryption pattern, that the second data processing device comprises a memory in which the decryption pattern or information about the decryption pattern of the filter are stored, and that the second data processing device comprises a device for generating an encrypted input mask, the encrypted input mask being generable, depending on the stored decryption pattern or the stored information, in a way that the encrypted input instructions, when displayed, can be decrypted by being viewed through the optical filter.

The system according to the invention has the advantage that it can be implemented very cost-effectively, because—besides two conventional data processing devices communicating with each other—only an optical filter with the decryption pattern has to be provided. This can be done very cost-effectively. As mentioned above, the system according to the invention further enables a very secure transmission of sensitive or security relevant data between the two data processing devices.

The decryption pattern can, in particular, contain a binary coding. It is therefore a coded pixel grid. The encryption of the input mask and the decryption pattern can interact in different ways, whereby, when viewing the encrypted input mask, just a random-looking pattern without information content is visible and only the optical filter renders the information content of the input instructions visible. The decryption pattern of the optical filter can e.g. contain pixels or image areas made of optical filters for two complementary colors. For example, the single pixels can consist of areas with filters that are transparent only for red or green light. Such a complementary-color coding can be implemented very easily and cost-effectively. Furthermore, a coding via mutually perpendicular polarization filters is conceivable, provided that polarized light can be emitted with the display device. Furthermore, a plurality of other ways to graphically encode the input instructions is possible.

The optical filter is preferably an at least partially transparent transparency or card. The transparency or card can have e.g. credit-card size. Preferably, it consists of a plastic that is adhesive to the display device. Thus, the filter can be attached to the display device very easily. In order to easily align the filter to the encrypted input mask that is being displayed or is to be displayed, and to the display device, respectively, the optical filter can, in particular, comprise alignment aids.

The decryption pattern is particularly a random pattern individually coded for a user.

The first data processing device preferably comprises an input device through which data can be entered using the decrypted input mask. The input device is preferably a selection device for areas of the display device, such as e.g. an electronic mouse, a touchpad or a touch-screen display.

According to a second aspect of the method according to the invention, for the transmission of data to the second data processing device, means for obtaining a plurality of transaction codes from a plurality of indices are transmitted to a user or to the first data processing device, and the electronic data transmission from the first data processing device to the second data processing device is linked to a specific transaction code from the plurality of transaction codes, the index of this one transaction code having a correlation with the transmitted data.

By the second aspect of the method according to the invention, the data transmission to the second data processing device according to the first aspect of the method according to the invention can be organized in an even more secure way. The present invention, however, also comprises that the method according to the second aspect is executed independently from the method according to the first aspect, i.e. particularly without the display device, the encrypted input instructions and the decryption by the optical filter.

In known data transmission methods, in order to secure the data transmission, there is at best a typically randomly chosen index, serving to select a specific transaction code with which the data to be transmitted are linked. This is, for example, the case in an online banking method having indexed transaction numbers. In the method according to the invention, however, the index has a correlation with the data to be transmitted, i.e. the index is selected or determined, respectively, on the basis of the data to be transmitted. Due to this correlation between the transaction code used in the data transmission, its corresponding index and the data to be transmitted, it is impossible, even in a “man-in-the-middle attack”, to unnoticeably modify the data to be transmitted. For such a modification would lead to the result that the specified correlation between the transmitted data and the index of the used transaction code no longer exists. A modification of the transmitted data would, upon verification of the data transmission, either not result in any valid index or result in a different index and hence in a different transaction code, which can easily be detected at the second data processing device.

It is a further advantage of the method according to the invention, according to the second aspect, that it provides, with just a few modifications of the known method having indexed transaction numbers, a far higher level of security than this known method. It can therefore be implemented at low cost and with very low complexity.

The correlation between the data to be transmitted and the index is preferably so simple that it can easily be established or reproduced by a user.

According to a preferred embodiment of the method according to the invention, the transaction code is valid only once. Hence, for every data transmission a different transaction code is used. An unauthorized third party could therefore not use an intercepted transaction code to link it to the data of another data transmission.

According to a further preferred embodiment of the method according to the invention, there is a direct mapping between the plurality of transaction codes and the plurality of indices. This mapping from the set of indices to the set of transaction codes is preferably surjective, particularly preferably bijective. Hence, in this case, an index refers to exactly one transaction code.

According to a further preferred embodiment of the method according to the invention, the index of the one transaction code is determined, using an algorithm, from the data to be transmitted. This algorithm can use as parameters all data to be transmitted or a part of the data to be transmitted. Preferably, particularly those data that shall be protected against modification are used for determining the index of the one transaction code. In the simplest case, the index directly matches the data to be protected or a part of these data. In a more complicated embodiment, the index results from a functional correlation with the data to be protected and transmitted. If the data protected in this way are modified by an unauthorized third party, the specified functional correlation between the index and these data is no longer satisfied, so that the manipulation of these data can be easily detected.

A further advantage of the method according to the invention according to the second aspect is that it is, in principle, not necessary to communicate to the user, before the data transmission, which index the transaction code for the data transmission has. That is to say, in the method according to the invention it is sufficient that the index is determined from the correlation with the data to be transmitted.

According to a further preferred embodiment of the method according to the invention, the means for obtaining the plurality of transaction codes from the plurality of indices are stored and the first data processing device automatically determines the one transaction code from the data to be transmitted and links the data to be transmitted to this transaction code. In this embodiment, it is advantageously no longer necessary that the user obtains, or respectively selects, and enters the transaction code. In this case, obtaining, or respectively selecting, the transaction code and linking it to the data to be transmitted is performed automatically and invisibly for the user. However, in this case, the means for obtaining the plurality of transaction codes from a plurality of indices should be protected from access by unauthorized third parties.

According to a further preferred embodiment of the method according to the invention, the second data processing device verifies, on the basis of the transaction code used in the data transmission, the integrity of the data transmitted by the user or the first data processing device. In one embodiment, this can be effected by initially verifying whether the transaction code belongs to the set of valid transaction codes and then determining the index assigned to this transaction code. Subsequently, it is verified that this index has the predetermined correlation with the transmitted data. In an alternative embodiment, the verification can also be performed by determining, from the transmitted data, via the predetermined correlation, the index belonging to these data, and, in doing so, verifying that the index determined in this way is a valid index, and subsequently, in a second step, verifying that the transaction code assigned to this index is identical to the transmitted transaction code. As in known methods having transaction numbers, also in the method according to the invention the transaction code is only valid for one data transmission.

The invention further relates to an online banking method for securely transmitting data electronically that uses the above-described method according to the second aspect. Here, the first data processing device corresponds to a data processing device of a user and the second data processing device corresponds to a bank server. The online banking method according to the invention, according to the second aspect, is particularly an improvement of the known online banking methods having indexed transaction numbers. The data transmission can correspond to a message or an order to the bank. In particular, however, it pertains to a money transfer transaction comprising safety-critical and non-safety-critical data. In the method according to the invention, according to the second aspect, the index of the one transaction code being linked to the data transmission has a correlation with security-critical data of the money transfer. For in this case, a manipulation of the security-critical data can be easily detected. The security-critical data particularly comprise the beneficiary's account number. In an especially simple embodiment of the method according to the invention, the index of the one transaction code derives from digits of the beneficiary's account number. For by a manipulation of the beneficiary's account number in a “man-in-the-middle-attack,” the money transfer could be diverted to an arbitrary different account in a particularly easy way. In order to avoid that the money transfer can be diverted to an account with the same account number at a different bank, it is further possible to protect the bank code number by incorporating also these data into the correlation between the data to be transmitted and the index of the one transaction code. Also, all beneficiary data, i.e. also the beneficiary's name, if applicable, or a payment reference, could be incorporated into this correlation.

Furthermore, the security-critical data also comprise the amount of the money transfer. If this amount is also incorporated into the correlation between the money transfer data and the index of the transaction code linked to the transaction data, also a manipulation of the amount can be detected easily. The index of the one transaction code could e.g. derive from digits of the beneficiary's account number and from digits of the amount of the money transfer.
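As an added illustration that is not part of the patent text, the following Python sketch carries the index correlation of the preceding paragraphs through end to end: the index is formed from digits of the beneficiary's account number, the bank code number and the amount, the user's device links the transaction code found at that index, and the bank server verifies in both of the orders described above while honouring one-time validity. The digit rule, the TAN list and the transfer values are constructed assumptions, not the patent's own.

```python
"""Index-bearing transaction codes whose index is derived from the order data."""
from dataclasses import dataclass

# Constructed, deterministic stand-in for one user's indexed TAN list (a real
# list is random and issued by the bank). The position in the list is the index.
TAN_LIST = [f"{(i * 7919 + 12345) % 1_000_000:06d}" for i in range(100)]


@dataclass(frozen=True)
class Transfer:
    account: str        # beneficiary's account number (digits only)
    bank_code: str      # beneficiary's bank code number (digits only)
    amount_cents: int   # amount of the money transfer in cents
    reference: str      # payment reference (deliberately not part of the index)


def derive_index(t: Transfer, n: int) -> int:
    """Assumed correlation (not the patent's): add the last two digits of the
    account number, of the bank code and of the amount, reduce modulo the list
    length. A manipulation of any protected field changes the index with
    probability about 1 - 1/n; a collision is the residual risk of such a rule."""
    parts = (t.account[-2:], t.bank_code[-2:], f"{t.amount_cents:02d}"[-2:])
    return sum(int(p) for p in parts) % n


def link_transaction(t: Transfer, tan_list) -> dict:
    """User side: obtain the TAN assigned to the data-derived index and link it."""
    idx = derive_index(t, len(tan_list))
    return {"transfer": t, "tan": tan_list[idx]}


class BankServer:
    """Bank side: holds the same TAN list and remembers TANs already consumed."""

    def __init__(self, tan_list):
        self.tan_list = list(tan_list)
        self.used = set()

    def verify_by_tan(self, msg) -> bool:
        """First order: TAN valid and unused -> its index -> correlation holds?"""
        tan = msg["tan"]
        if tan in self.used or tan not in self.tan_list:
            return False
        if self.tan_list.index(tan) != derive_index(msg["transfer"], len(self.tan_list)):
            return False
        self.used.add(tan)          # one data transmission per transaction code
        return True

    def verify_by_data(self, msg) -> bool:
        """Second order: index from data -> valid index -> TAN at it == received?"""
        idx = derive_index(msg["transfer"], len(self.tan_list))
        if not 0 <= idx < len(self.tan_list):
            return False
        expected = self.tan_list[idx]
        if msg["tan"] != expected or expected in self.used:
            return False
        self.used.add(expected)
        return True


def demo():
    """Legitimate order, a replay of it, and an order altered in transit."""
    order = Transfer("1234567890", "50010517", 12050, "invoice 4711")  # constructed
    msg = link_transaction(order, TAN_LIST)
    bank = BankServer(TAN_LIST)
    accepted = bank.verify_by_tan(msg)          # True
    replayed = bank.verify_by_tan(msg)          # False: TAN already consumed
    # An intermediary swaps the account number but must keep the user's TAN.
    tampered = {"transfer": Transfer("9876543210", "50010517", 12050, "invoice 4711"),
                "tan": msg["tan"]}
    detected = not BankServer(TAN_LIST).verify_by_data(tampered)  # True
    return accepted, replayed, detected


if __name__ == "__main__":
    print(demo())
```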

According to a preferred embodiment of the online banking method according to the invention, according to the second aspect, the means for obtaining a plurality of transaction codes from the plurality of indices are stored and the user's data processing device automatically determines the one transaction code from the security-critical data to be transmitted and links this transaction code to the data to be transmitted. In this way, the online banking method can be simplified and at the same time made more secure compared to conventional methods having transaction numbers.

According to a further preferred embodiment of the online banking method according to the invention, according to the second aspect, the bank server transmits, before the actual data transmission, during an online connection with the user's data processing device, a code to the data processing device, the validity of which is time-restricted to the current online connection. Alternatively, the code could also be valid only for the current order. In this case, the index of the one transaction code can have a correlation with both this code and the transmitted data. This embodiment combines a conventional online banking method having indexed transaction codes with the method according to the invention in which the index has a correlation with the data to be transmitted.

The data processing device according to the invention, for secure electronic transmission of data to a second data processing device according to a second aspect of the invention, is characterized by an input device for entering at least the data to be transmitted, a first data-index-device for determining a specific index from the data to be transmitted, a first index-transaction-code-device for obtaining a transaction code assigned to the specific index from the specific index, a linking device for linking the data to be transmitted to the obtained transaction code that is assigned to the index determined from the data to be transmitted, and an output device for transmitting the data linked to the transaction code.

With this data processing device, the method according to the invention can be performed easily and automatically, especially by the user.

The data processing system according to the invention, according to the second aspect of the invention, comprises the above-described data processing device according to the second aspect as the first data processing device as well as a second data processing device connected to the first data processing device via an electronic network. In this data processing system, the second data processing device comprises: a receiving device for receiving, from the first data processing device, data linked to the transaction code, a second data-index-device—for determining the index from the transmitted data—that corresponds to the first data-index-device of the first data processing device, a second index-transaction-code-device—for obtaining the transaction code assigned to the index from the index—that corresponds to the first index-transaction-code-device of the first data processing device, and a verification device for verifying data linked to the transaction code that have been received from the first data processing device, the verification device enabling verification of whether the transaction code received matches a transaction code that can be determined, with the second index-transaction-code-device, from the index that can be determined, using the second data-index-device, from the received data.

This data processing system can particularly be used as an online banking system for a bank with its users and their data processing devices; here, the online banking method according to the second aspect can be implemented.

In the context of this invention, the term “index” refers to any kind of information from which an associated transaction code can be obtained. The term “obtaining” refers to any kind of mapping, derivation, computation, determining or function call that effects an assignment between an index and a transaction code, the index typically being available as a given information and the transaction code being a sought information known only to the user and respectively the user's data processing device, the index thus acting, in the case of a function call, as input parameter and the transaction code acting as return value.

Thus, the invention comprises e.g. the following variants of embodiments as means for obtaining transaction codes from an index:

In the simplest form, obtaining a transaction code from an index is effected via an indexed TAN list as described above. The means for obtaining the transaction code, in this case, is the indexed TAN list with the information about which transaction code is to be assigned to which index.

In a further embodiment, however, also a non-indexed TAN list could be used and the index could be implicitly contained in the TANs, e.g. as the first two digits of an otherwise six-digit TAN. The means for obtaining the transaction code in this case comprise the specification as to how a transaction code of the TAN list can be determined from a known index.

Furthermore, obtaining a transaction code from an index could also be effected via a table in which each index is composed from a row-column-coordinate and each transaction code from a table item.

The above-mentioned means for obtaining a transaction code, particularly the last-mentioned, could also be used with combined indices. E.g. in the last-mentioned embodiment using a table, the transaction code could be obtained via an index by having multiple row-column-coordinates act as a composite index and the respective assigned (partial) transaction codes as a composite transaction code.

In a further embodiment, obtaining a transaction code could also be effected via a special device into which an index is entered e.g. via a keyboard, with the device determining and displaying an associated transaction code.

A particular advantage of the method, data processing device and data processing system according to the invention is that the implementation can be effected in a very simple and cost-saving manner and that, at the same time, a manipulation of the transmitted data can be detected in a simple, but secure manner.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is now illustrated with reference to the drawings on the basis of exemplary embodiments.

FIG. 1 schematically shows a first exemplary embodiment of the system according to the invention for transmitting data between two data processing devices,

FIG. 2 shows an unencoded input mask,

FIG. 3 shows the decryption pattern,

FIG. 4 shows the encrypted input mask,

FIG. 5 shows the decrypted input mask,

FIGS. 6 and 7 visualize the encryption of a numeric character according to the method according to the invention according to a first exemplary embodiment,

FIG. 8 a shows the encrypted input mask, FIG. 8 b shows the decryption pattern and FIG. 8 c shows the decrypted input mask according to a second exemplary embodiment of the method according to the invention,

FIG. 9 a shows the encrypted input mask, FIG. 9 b shows the decryption pattern and FIG. 9 c shows the decrypted input mask according to a first form of a third exemplary embodiment of the method according to the invention,

FIG. 10 a shows the encrypted input mask, FIG. 10 b shows the decryption pattern and FIG. 10 c shows the decrypted input mask according to a second form of the third exemplary embodiment of the method according to the invention,

FIG. 11 a shows the encrypted input mask, FIG. 11 b shows the decryption pattern and FIG. 11 c shows the decrypted input mask according to a third form of the third exemplary embodiment of the method according to the invention,

FIG. 12 a shows the encrypted input mask, FIG. 12 b shows the decryption pattern and FIG. 12 c shows the decrypted input mask according to a fourth exemplary embodiment of the method according to the invention,

FIG. 13 a shows the encrypted input mask, FIG. 13 b shows the decryption pattern and FIG. 13 c shows the decrypted input mask according to a fifth exemplary embodiment of the method according to the invention,

FIGS. 14 through 20 visualize the method according to the invention according to a sixth exemplary embodiment,

FIG. 21 schematically shows a second exemplary embodiment of the data processing system according to the invention,

FIG. 22 shows the transaction codes with the assigned indices according to a seventh exemplary embodiment of a method according to the invention,

FIG. 23 shows an example for the data to be transmitted in an online money transfer according to the seventh exemplary embodiment of the method according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

With reference to FIG. 1, the first exemplary embodiment of the system according to the invention is illustrated:

The system comprises two data processing devices between which data can be transmitted. The first data processing device, for example, is a computer 2 of a user and the second data processing device is a server 1 to which confidential or security-relevant data shall be transmitted from the computer 2.

The computer 2 of the user is known in principle. It comprises a display device 3, e.g. a liquid crystal display or another monitor, a keyboard 4 and an input device 5, via which screen areas can be selected. The input device 5 can be a conventional electronic mouse or a so-called touchpad. It is pointed out that instead of the computer 2 an arbitrary other data processing device can be used, provided that it comprises a display device and that data can be transmitted to another data processing device in any manner.

The computer 2 is connected, via a modem 6, to a network like e.g. the Internet 7. Likewise, the server 1 is also connected via a modem 8 to the Internet 7, so that over the Internet 7 data can be transmitted from the computer 2 to the server and vice versa.

Furthermore, an optical filter is provided, in possession of the person who wants to transmit data from the computer 2 to the server 1. It is possible to transmit, using the optical filter, data from computer 2 or from arbitrary other data processing devices to the server 1. The optical filter, in the exemplary embodiment illustrated here, is an at least partially transparent transparency 11. The transparency 11 is made from a plastic material that is adhesive to a display device 3 such as the display of the computer 2.

Onto the transparency 11, a binary random pattern individually coded for each user is applied. This random pattern serves as a decryption pattern for input instructions, in this case particularly for an encrypted input mask that is transmitted from the server 1 to the computer 2 as will later be explained in detail.

The server 1 comprises a memory 10 that comprises a database storing the users of the system and their assigned random patterns, i.e. the decryption patterns. Furthermore, the server 1 has a computing unit 9 capable of generating an encrypted input mask depending on the stored decryption pattern of a user. The encrypted input mask is generated by the computing unit 9 in a way that, upon being displayed, the encrypted input mask is decrypted by being viewed through the optical filter of the associated user, i.e. by the transparency 11 having the decryption pattern of the associated user, so that the user can decrypt the input mask.

In the following, the first exemplary embodiment of the method according to the invention for transmitting data and further details of the system according to the invention according to the first exemplary embodiment are illustrated:

The entity operating the server 1 generates, upon registration of each user, a transparency 11 with an individually coded random pattern and sends it to the user, e.g. by mail. It would also be possible that, e.g. by e-mail, graphical data are sent to the user that he can print out by himself in order to generate the transparency 11. This random pattern is used to later decrypt an input mask. It is therefore also called decryption pattern. In FIG. 3, such a decryption pattern is shown.

Further, potential users could also be provided with the decryption pattern in the following way: a plurality of decryption patterns is published in a publicly accessible way, e.g. in magazines or on the Internet, each decryption pattern having assigned coordinates. The user could then select a suitable decryption pattern, i.e. by cutting it out, and, before using it, inform the server 1 which coordinates the decryption pattern selected by him has, from which the server 1 can determine the corresponding decryption pattern of the user.

In the first exemplary embodiment illustrated here, the decryption pattern is binary-coded via complementary colors. Hence, the decryption pattern comprises randomly arranged, e.g. red and green filter areas. Due to the black-and-white illustration in the enclosed figures, the red pixels are represented by the symbol “r” and the green pixels are represented by the symbol “G”. Black and white pixels further appear in black and white.

A registered user now wants to transmit, using the computer 2, confidential or security relevant data to the server 1. In order to do so, the user establishes a connection with the Internet 7 via the computer 2 and the modem 6 and accesses, by entering a corresponding Internet address, the website of the server 1. Subsequently, he specifies a user name which is transmitted via the Internet 7 to the server 1.

In the present exemplary embodiment the user wants to transmit a numerical code to the server 1. Therefore, the server 1 initially generates, using the computing unit 9, an input mask in which numerical characters are randomly placed inside a binary pattern. This initial pattern is shown in FIG. 2. It is newly generated for each data transmission. Likewise, the input mask could also contain alphabetic or other characters. Furthermore, a text could be included that contains specific instructions for the input of the data to be transmitted.

The computing unit 9 now determines, by means of the database stored in the memory 10, the user's decryption pattern. The computing unit 9 generates a pattern complementary to the decryption pattern: in each place where the user's decryption pattern comprises a green filter area, a red pixel is generated and in each place where the user's decryption pattern comprises a red filter area, a green pixel is generated. If the display device 3 displayed this intermediate pattern, and if a user viewed this pattern through a decryption pattern of FIG. 3 exactly aligned to the pattern, a black area would emerge because the red pixel emitted by the display device 3 would not be able to pass through the green filter of the decryption pattern and, likewise, the green light emitted by a green pixel would not be able to pass through the red filter of the decryption pattern.

The computing unit 9 subsequently combines the intermediary pattern with the input mask to be encrypted that is shown in FIG. 2. That is to say, at each pixel of the intermediary pattern, at which, in the input mask as shown in FIG. 2, a pixel contains information for displaying the numerical characters, i.e. the pixel in the example shown is black, the color state of the intermediary pattern is reversed. Hence, at these positions, a red pixel becomes green and a green pixel becomes red. The input mask generated in this way is shown in FIG. 4.

The encrypted input mask is transmitted from the server 1 over the Internet 7 to the computer 2 of the user. In principle, unauthorized third parties could gain knowledge of both the user name of the user and of the encrypted input mask as these pieces of information are each transmitted over the Internet 7. This information, however, would not be of any use for an unauthorized third party, as the decryption of the encrypted input mask requires the decryption pattern of the transparency 11 in possession of the user. The method thus provides two-level security. An unauthorized third party gains no knowledge of the transmitted data, like e.g. the password, as he cannot attach any meaning to the input made via the encrypted input mask. Furthermore, an unauthorized third party cannot enter a password, even when having gained knowledge of the password by other means, as he cannot decrypt the input mask.

The encrypted input mask is now displayed by the display device 3 of the computer 2. The user can now ascertain that the displayed pattern is indeed a random-looking red-green pattern. In order to decrypt the encrypted input mask, the user now applies the transparency 11 to the display device 3, e.g. by laying it flat onto the display device 3. In order to exactly align the transparency 11 to the displayed encrypted input mask, alignment aids 12 can be placed on the transparency 11 which facilitate the alignment to the displayed input mask. If the user now views the input mask, the image shown in FIG. 5 results. An array of numeric characters consisting of red and green pixels within a black background results. The array of numeric characters corresponds, with respect to the positioning of the numeric characters, to the array of numeric characters shown in FIG. 2. For only at those pixels that represent the array of numeric characters of FIG. 2, red and green pixels and filter areas, respectively, are congruent so that light can pass through the optical filter of the transparency 11. Outside the array of numeric characters, the filter of the transparency 11 is complementary to the displayed encrypted input mask so that no light can pass through the filter of the transparency 11. In these areas, a black surface results.

Furthermore, the decryption pattern and the encrypted input mask could conversely interact in a way that the pixels representing the input mask appear black and the surrounding area is displayed in complementary colors, e.g. red and green.

In order to enter the numerical code to be transmitted, the user can now successively select the areas on the input mask that correspond to the numerical code. For example, he can successively select the corresponding numerals using the touchpad 5 or a mouse. The corresponding selection is then transmitted over the Internet 7 to the server 1. An unauthorized third party who does not know the decryption pattern on the transparency 11 cannot extract any content from the data transmitted in this way because he does not know the input mask. On the other hand, an unauthorized third party is also unable to generate an input mask known to him and transmit it to the computer 2 of the user in order to impersonate the server 1 because for that purpose knowledge of the decryption pattern on the transparency 11 of the respective user is required. Thus arbitrary data, entered via the encrypted input mask transmitted from the server, can be transmitted from the computer 2 of the user to the server 1.

According to a further embodiment of the method the transparency 11 is not aligned to the already displayed input mask but the input mask is generated depending on the used display device 3 and aligned relatively to the decryption pattern of the transparency 11. For this purpose, the user initially places the transparency 11 at an arbitrary position on the display device 3 and then selects, e.g. with the touchpad 5, at least two alignment aids 12, preferably three or four alignment aids 12, on the display device 3. This selection is transmitted over the Internet 7 to the server 1. The computing unit 9 of the server 1 can now adjust the encrypted input mask with respect to its positioning on the display device 3 and with respect to its size so that it is aligned in a precisely fitting way to the decryption pattern of the transparency 11 without the user having to relocate the transparency 11 on the display device 3. This embodiment simplifies the use of the transparency 11 on different display devices 3.

FIG. 6 again shows how e.g. the numeric character 2 is initially encrypted and then perceived by the user. The server 1 initially specifies the numeric character 2 as a binary pattern. After that, the computing unit 9 determines, using the database in the memory 10, the decryption pattern (transparency pattern) of the user. The computing unit 9 then generates a complementary pattern which, however, at those pixels where the numeric character comprises a black pixel, has the same color as the decryption pattern on the transparency 11. The two middle patterns of FIG. 6 show this. In the uppermost row the pixels are complementary to each other. In the second row the first three pixels are complementary to each other, the next three pixels belonging to the representation of the numerical character 2 are identical in the decryption pattern on the transparency 11 and in the pattern shown on the display device 3. The last three pixels of the second row are then again complementary. Depicted on the right side of FIG. 6 is the pattern perceivable when the displayed pattern is viewed through the decryption pattern of the transparency 11. In the second row, initially three black pixels emerge because the decryption pattern of the transparency 11 at these pixels contains a filter that is complementary to the displayed color of the pixels of the encrypted input mask. The next two pixels appear green (symbol “G” in the illustration of FIG. 6) because these pixels are both displayed in green by the encrypted input mask and green filters are provided at the decryption pattern of the transparency 11. For the same reasons, the subsequent pixel appears red (symbol “r”) and the last three pixels again appear black.
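As an added example that is not part of the patent, the following Python code reproduces the pixel-level procedure described for FIGS. 2 through 6: the complement of the user's pattern is formed, the colour is reversed again at every information pixel of the input mask, and the result is viewed through the filter, where light passes only where pixel and filter colour agree. It also covers the inverted variant in which the mask pixels appear black. The 5x7 glyph, the fixed seed and the r/G/“.” notation are constructed for the example.

```python
"""Complementary-colour encryption of an input mask (first exemplary embodiment)."""
import random

RED, GREEN, BLACK = "r", "G", "."
COMPLEMENT = {RED: GREEN, GREEN: RED}

# Constructed 5x7 glyph for the numeral 2; '#' marks a black (information) pixel.
GLYPH_2 = [
    ".###.",
    "#...#",
    "....#",
    "...#.",
    "..#..",
    ".#...",
    "#####",
]


def random_decryption_pattern(height, width, seed):
    """Per-user random binary pattern printed on the transparency (r/G filters).
    A fixed seed is used here only to make the example reproducible."""
    rng = random.Random(seed)
    return [[rng.choice((RED, GREEN)) for _ in range(width)] for _ in range(height)]


def encrypt_mask(mask, key, glyph_visible=True):
    """Server side: start from the complement of the key, then reverse the colour
    again wherever the mask carries information. With glyph_visible=False the
    roles are swapped, so the glyph appears black on a coloured surround."""
    agree_on = "#" if glyph_visible else "."
    return [[k if m == agree_on else COMPLEMENT[k] for m, k in zip(mrow, krow)]
            for mrow, krow in zip(mask, key)]


def view_through_filter(display, key):
    """What the eye sees: light passes only where pixel colour and filter agree."""
    return [[d if d == k else BLACK for d, k in zip(drow, krow)]
            for drow, krow in zip(display, key)]


def threshold(visible):
    """Reduce the perceived r/G/black image to a binary picture ('#' = lit)."""
    return ["".join("." if p == BLACK else "#" for p in row) for row in visible]


def invert(mask):
    return ["".join("#" if p == "." else "." for p in row) for row in mask]


def demo(seed=7):
    """Returns three checks: correct filter recovers the glyph, the displayed
    pattern alone contains no black pixel, and a wrong filter does not decrypt."""
    key = random_decryption_pattern(7, 5, seed)
    display = encrypt_mask(GLYPH_2, key)
    seen = threshold(view_through_filter(display, key))
    no_black = all(BLACK not in row for row in display)
    other_key = random_decryption_pattern(7, 5, seed + 1)  # another user's pattern
    wrong = threshold(view_through_filter(display, other_key))
    return seen == GLYPH_2, no_black, wrong != GLYPH_2


def demo_inverted(seed=7):
    """Variant of the text: mask pixels black, surroundings in complementary colours."""
    key = random_decryption_pattern(7, 5, seed)
    display = encrypt_mask(GLYPH_2, key, glyph_visible=False)
    return threshold(view_through_filter(display, key)) == invert(GLYPH_2)


if __name__ == "__main__":
    key = random_decryption_pattern(7, 5, 7)
    for krow, drow, vrow in zip(key, encrypt_mask(GLYPH_2, key),
                                view_through_filter(encrypt_mask(GLYPH_2, key), key)):
        print("".join(krow), "".join(drow), "".join(vrow))
```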

The binary encryption and decryption, respectively, can also be effected in a different way. In FIG. 7 such an example is shown in which the pixels consist of areas with horizontal or vertical lines.

Besides the display device 3 at the data processing device of the user, the only hardware requirement for the system according to the invention and the method according to the invention, respectively, is that the transparency 11 with the decryption pattern is in the possession of the user. The transparency 11, however, can then be used universally with various data processing devices. It is also conceivable to use it with mobile phones comprising a display. The transparency 11 can be manufactured very inexpensively and can easily be sent to a user, e.g. in a letter. Moreover, the user can very easily take along the transparency 11 because it is very small and thin. It can e.g. be as thin as a banknote and have the size of a conventional credit card.

The above-described method can further be used e.g. for authenticating a user to an e-commerce provider. For this purpose, the user initially identifies himself to the e-commerce provider via a name. This name is not confidential in principle. It is harmless if this name is eavesdropped by an unauthorized third party. Using this name, however, the e-commerce provider can determine the decryption pattern of the corresponding user and—as described above—generate a suitably encrypted input mask and transmit it to the user. The user can then decrypt the input mask using his transparency 11 and, as described above, enter his personal code that securely authenticates him to the e-commerce provider.

In the same way, the login procedure into a corporate network can be effected using the method according to the invention. Here, the user can securely authenticate himself by entering a password using the decryption of the encrypted displayed input instructions.

Furthermore, the method can be used in conjunction with an online banking method. In this case, the user can transmit all security relevant data, i.e. particularly his authentication, i.e. his personal code, and data for an online money transfer, using the above-described method. Particularly the data pertaining to the amount of the online money transfer and the data pertaining to the beneficiary of the online money transfer should be entered via the encrypted displayed input mask and thus be transferred in an encrypted way. Such an online banking method is particularly secured against the initially explained “man-in-the-middle attack”. To further enhance security, the encrypted input mask could be repeatedly changed during the input of single data. Thus, also a protection against the above-mentioned so-called “replay-attack” can be achieved. The use of so-called transaction numbers would not be necessary in this case. By the way, they do not protect against manipulation by an intermediary computer of an unauthorized third party.

In the following, a second exemplary embodiment of the method according to the invention is described with reference to FIG. 8 a through FIG. 8 c.

FIG. 8 a shows the display pattern, FIG. 8 b the decryption pattern of the transparency 11 and FIG. 8 c the visible result effected by the optical decryption of the display pattern by the decryption pattern of the transparency 11.

The method of the second exemplary embodiment basically corresponds to the method of the first exemplary embodiment. However, the decryption pattern on the transparency 11 as well as the encrypted input mask generated and displayed by the server 1 differ from the method of the first exemplary embodiment.

The decryption pattern of the transparency 11 comprises areas that are not used for decryption, as well as use areas that are used for decryption and are embedded into the areas not used for decryption. The areas of the transparency 11 that are not used for decryption are designed opaque, i.e. black. Thus, the transparency 11 becomes a template that masks out the areas not used for decryption. In the use areas, the decryption pattern again contains a binary coding, e.g. via complementary colors. At the same time, the use areas are designed in a way that symbols for input instructions can be displayed. In the example shown in FIG. 8, all numeric characters can be displayed. Moreover, the size, shape and position of the single use areas constitutes a secret of the decryption pattern of the transparency 11. Furthermore, as in the first embodiment, the binary coding within the use areas constitutes a secret of the transparency 11.

From the decryption pattern, the server 1 generates, using the computing unit 9, an input mask in the following way: in those areas of the decryption pattern of the transparency 11 that are not used for decryption, i.e. in those places where the transparency is black, a binary-coded, random noise is generated. Into this noise, the input instruction (i.e. the wanted information, represented by numeric characters in the exemplary embodiment in FIG. 8) is displayed in embedded form using steganographic effects. For each input instruction, a random noise is newly generated for those areas that are not used for decryption. For the use areas, the pattern is generated in the way described in the first exemplary embodiment, so that an overlay of the display pattern with the decryption pattern of the transparency 11 of the user would lead to the result shown in FIG. 8 c. Visible are numeric characters, embedded into a black background and consisting of complementary colors, e.g. red and green pixels.

In the following, a third exemplary embodiment of the method according to the invention is described with reference to FIGS. 9 through 11.

Also the method of the third exemplary embodiment basically corresponds to the method of the first exemplary embodiment. Again, however, the decryption pattern on the transparency 11 and the display pattern generated by the server 1 are generated in a different way.

The input instructions generated by the server 1 do not consist of binary-coded pixels in this case, but of a matrix-like, or respectively table-shaped, representation of a plurality of symbols, e.g. numerals. In this display pattern, the symbols relevant for the input instruction are arranged, in a steganographic manner, at secret positions within random symbols that constitute, as background noise, the steganographic carrier information.

In this case, the decryption pattern of the transparency 11 acts as a template that extracts the symbols for the input instruction from the carrier information. As in the first two exemplary embodiments, the use symbols can again comprise a binary color coding.

Furthermore, the decryption pattern of the transparency 11 can contain a mapping, effected by graphic arrangement and highlighting, from the extracted use symbols to screen areas, whereby clicking on these screen areas can effect a selection of the use symbols, without enabling, via the clicking position, any inferences as to the position of the use symbol inside the display pattern or the decryption pattern, respectively. These clickable screen areas are marked with an “X” in FIGS. 9 through 11.

FIG. 9 shows a first form of the third exemplary embodiment, with FIG. 9 a showing the display pattern, FIG. 9 b showing the decryption pattern of the transparency 11 and FIG. 9 c showing the visible result effected by the optical decryption of the display pattern via the decryption pattern of the transparency 11. In the first form of the third exemplary embodiment, shown in FIG. 9, at the screen areas marked with “X”, the numerals 9, 7, 3, 5, 6, 2 can be selected.

FIG. 10 shows a second form of the third exemplary embodiment, with FIG. 10 a showing the display pattern, FIG. 10 b showing the decryption pattern of the transparency 11 and FIG. 10 c showing the visible result effected by the optical decryption of the display pattern via the decryption pattern of the transparency 11. In FIG. 10, green areas are represented by underlining the symbols. In red areas, the symbols are not underlined. In the second form of the method according to the third exemplary embodiment, shown in FIG. 10, both the display pattern and the decryption pattern are color-coded. The screen areas marked with “X” are arranged in colored blocks with adjacent use numerals. At the use numerals, the display pattern and the decryption pattern of the transparency 11 have the same color, the numeral being shown in the display pattern. Thus, at the screen areas marked with “X”, the numerals 3, 9, 7, 6, 2, 5 can be selected.

FIG. 11 shows a third form of the third exemplary embodiment, with FIG.11 a showing the display pattern, FIG. 11 b showing the decryptionpattern of the transparency 11 and FIG. 11 c showing the visible resulteffected by the optical decryption of the display pattern via thedecryption pattern of the transparency 11. In FIG. 11, green areas areagain represented by underlining the symbols. In red areas, the symbolsare not underlined. In the third form of the method according to thethird exemplary embodiment, blocks are framed by the decryption patternof the transparency 11, each block having a highlighted use numeral.This use numeral can be selected at the screen area marked with an “X”which is adjacent to the respective block. Thus, the numerals 2, 5, 6,7, 3, 9 can be selected.

In the following, the fourth exemplary embodiment of the methodaccording to the invention is illustrated with reference to FIG. 12:

FIG. 12 a shows the display pattern, FIG. 12 b shows the decryptionpattern of the transparency 11 and FIG. 12 c shows the visible resulteffected by the optical decryption of the display pattern via thedecryption pattern of the transparency 11. In FIG. 12, green areas areagain represented by underlining the symbols. In red areas, the symbolsare not underlined.

Compared to the previous exemplary embodiments, the distribution ofinformation between the decryption pattern of the transparency 11 andthe display pattern is reversed in this fourth exemplary embodiment. Thedecryption pattern of the transparency 11 in this case comprises asymbol matrix which can again be binary-coded, particularly color-coded,e.g. in complementary colors. The display pattern generated by theserver 1 contains a suitable binary-coded pattern, particularly acomplementary-color pattern, by which specific symbols of the decryptionpattern of the transparency 11 are faded in or faded out, respectively,in the visible result after the overlay. As can be seen in FIG. 12 c,the visible result includes a left block and right block, the left blockhaving multiple numeric characters highlighted in each row and the rightblock having multiple alphabetic characters highlighted. The inputinstruction now consists in prompting the user to initially look for therow in which a specific numeric value, e.g. “133”, is visibly displayed.This value is visible in the sixth row in the example shown in FIG. 12.After that, the user is supposed to enter those visible alphabeticcharacters that appear in the right block of the visible result in thesame row. In the present example: the character sequence in the sixthrow, which is “CUAT”.

If the fourth exemplary embodiment is used in conjunction with an onlinebanking method, the numeric value to be looked for in the left part ofthe decrypted display pattern could consist of a part of the accountnumber. The character sequence resulting from the decrypted displaypattern would then be a transaction number to be entered. In this way,the beneficiary's account number could be linked to the transactionnumber whereby an effective protection against so-called“man-in-the-middle-attacks” could be achieved.
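The following Python model, added here as a worked example and not taken from the patent, simulates the fourth exemplary embodiment end to end: the server, which holds a copy of the user's transparency, generates a display pattern that fades in a chosen numeric value (e.g. “133”) in one row of the left block together with a few letters of the same row in the right block; the user looks through the transparency, finds that row and types the visible letters; the server compares them with the letters it faded in. Everything below is an assumption of this model rather than a statement of the patent: the binary colour coding is represented by the two letters R and G, a transparency symbol is taken to be visible exactly where the display cell underneath has the same colour, the left block of every row is built from three shuffled copies of the digits 0 to 9 so that any three-digit value can be faded in on any row, and a seeded generator is used only so that the run is reproducible.

```python
import random
import string

# Constructed toy model of the fourth embodiment; an added example, not the
# patent's own code. Assumed physical model: every cell of the transparency and
# of the display pattern carries one of two complementary colours, 'R' or 'G'.
# A transparency symbol is visible in the overlay exactly where the display cell
# underneath carries the same colour, and is faded out where the colours differ.
DIGITS, LETTERS = string.digits, string.ascii_uppercase
R, G = "R", "G"
DIGIT_COPIES = 3   # assumption: left block = 3 shuffled copies of 0-9 per row,
                   # so every row can spell any 3-digit target as a subsequence


def flip(c):
    return G if c == R else R


def new_transparency(rows, letters, rng):
    """The user's transparency: a fixed symbol matrix (digits in the left block,
    letters in the right) plus one random colour per cell. The server keeps a copy."""
    symbols, colours = [], []
    for _ in range(rows):
        left = []
        for _ in range(DIGIT_COPIES):
            block = list(DIGITS)
            rng.shuffle(block)
            left += block
        right = [rng.choice(LETTERS) for _ in range(letters)]
        symbols.append("".join(left + right))
        colours.append("".join(rng.choice(R + G) for _ in range(len(left) + letters)))
    return {"symbols": symbols, "colours": colours, "left": DIGIT_COPIES * len(DIGITS)}


def overlay(display, transparency):
    """Visible result of laying the transparency over the display pattern."""
    return ["".join(s if d == t else "." for s, d, t in zip(srow, drow, trow))
            for srow, drow, trow in zip(transparency["symbols"], display, transparency["colours"])]


def subsequence_cells(text, target):
    """Leftmost cells at which target occurs as a subsequence of text (None if it does not)."""
    cells, i = [], 0
    for j, ch in enumerate(text):
        if i < len(target) and ch == target[i]:
            cells.append(j)
            i += 1
    return cells if i == len(target) else None


def server_make_display(transparency, target, rng, code_len=4):
    """Server side. Pick a row, fade in only the digit cells that spell `target`
    there plus `code_len` letter cells (the one-time code), and give every other
    row a decoy of the same shape that spells a different number. Returns the
    display pattern (one colour per cell) and the code the server expects back."""
    left, ncols = transparency["left"], len(transparency["symbols"][0])
    if len(target) > DIGIT_COPIES or not target.isdigit():
        raise ValueError("target must be a numeric value of at most %d digits" % DIGIT_COPIES)
    chosen = rng.randrange(len(transparency["symbols"]))
    display, code = [], ""
    for r, (srow, trow) in enumerate(zip(transparency["symbols"], transparency["colours"])):
        letter_cells = sorted(rng.sample(range(left, ncols), code_len))
        if r == chosen:
            digit_cells = subsequence_cells(srow[:left], target)   # always found, see DIGIT_COPIES
            code = "".join(srow[c] for c in letter_cells)
        else:
            while True:   # decoy row: same shape, but it must not spell the target
                digit_cells = sorted(rng.sample(range(left), len(target)))
                if "".join(srow[c] for c in digit_cells) != target:
                    break
        keep = set(digit_cells) | set(letter_cells)
        display.append("".join(trow[c] if c in keep else flip(trow[c]) for c in range(ncols)))
    return display, code


def user_read_code(visible, left, target):
    """User side: find the row whose visible digits read `target` and type the
    visible letters of that row (None if no row matches, e.g. wrong transparency)."""
    for row in visible:
        if row[:left].replace(".", "") == target:
            return row[left:].replace(".", "")
    return None


def run_session(target="133", seed=None):
    """One round: the server that knows the transparency emits a display pattern,
    the user reads the code through the transparency, the server checks it.
    `seed` makes the run reproducible; a real server would use secrets.SystemRandom()."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    transparency = new_transparency(rows=6, letters=10, rng=rng)
    display, expected = server_make_display(transparency, target, rng)
    entered = user_read_code(overlay(display, transparency), transparency["left"], target)
    # Someone holding a different transparency (or none) sees no usable row.
    stranger = new_transparency(rows=6, letters=10, rng=rng)
    stranger_reads = user_read_code(overlay(display, stranger), stranger["left"], target)
    return {"expected": expected, "entered": entered, "accepted": entered == expected,
            "stranger_reads": stranger_reads, "visible": overlay(display, transparency)}


if __name__ == "__main__":
    result = run_session(seed=7)
    print("\n".join(result["visible"]))
    print("expected", result["expected"], "entered", result["entered"], "accepted", result["accepted"])
```

The decoy rows matter: if only the chosen row showed a three-digit number, an attacker watching the screen could locate it without the transparency. Because the display pattern is tailored to one transparency, the same pattern laid under a different transparency yields no row reading “133”, which is what ties the entered letters to the holder of that particular transparency.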

In the following, a fifth exemplary embodiment of the method accordingto the invention is illustrated with reference to FIG. 13:

FIG. 13 a shows the display pattern, FIG. 13 b shows the decryption pattern of the transparency 11 and FIG. 13 c shows the visible result effected by the optical decryption of the display pattern via the decryption pattern of the transparency 11. In FIG. 13, green areas are again represented by underlining the symbols. In red areas, the symbols are not underlined. Further, in each of FIGS. 13 a and 13 b, six blocks are highlighted. These blocks are also highlighted, e.g. by color, in the visible result shown in FIG. 13 c.

The fifth exemplary embodiment of the method according to the inventiondiffers from the previous exemplary embodiments in that it is applicableto securely transmitting data in just one direction, e.g. forauthenticating, without requiring a previous transmission of encryptedinput instructions from the server 1. In fact, the user can generate thedisplay pattern by himself and transmit it to the server 1 together withthe data to be transmitted. An advantage of this embodiment is that thedisplay pattern thus does not need to be dynamically generated in aninteractive session, adapted to the decryption pattern of thetransparency 11, e.g. by a bank server that knows the decryption patternof the transparency 11; instead, the complementary color coding of thedisplay pattern can be an arbitrary random pattern or can be obtained,e.g. by a hash function, depending on the displayed plain-textinformation.

The form of the method according to the fifth exemplary embodiment hasthe advantage that the input instruction and the input based thereondirectly depend on significant characterizing features of thetransaction to be confirmed by the input procedure. Through this, a kindof simple digital signature is achieved.

Furthermore, it is advantageously possible, compared to the fourthexemplary embodiment, to not only specify part of e.g. an account numberof a bank transaction, but, if necessary, the complete account number,bank code number and amount.

In this case, the decryption pattern of the transparency 11 contains a plurality of blocks. One part of the blocks contains just a binary color coding, the other part of the blocks additionally contains symbols arranged in a random pattern, e.g. consisting of numeric and alphabetic characters. The display pattern also contains a binary color coding, however it contains the symbols in those blocks where the decryption pattern does not contain symbols. The user now selects, in the visible result, for each two blocks placed above one another, one symbol that occurs both in the upper and lower block and which is color-highlighted in both blocks. Thus a six-digit code can be obtained. In the example shown in FIG. 13 c, this is the character “I” for the first blocks placed above each other, the character “N” for the second blocks, the character “E” for the third blocks, the character “F” for the fourth blocks, the character “U” for the fifth blocks and the numerical character “5” for the sixth blocks. This code is transmitted, together with the display pattern, to the server 1 which can thus authenticate the user and interpret the transmitted code as a transaction confirmation.

In the following, a sixth exemplary embodiment of the method accordingto the invention is illustrated with reference to FIG. 14 through 20:

The sixth exemplary embodiment relates to an online banking method. The user is in possession of a transparency 11 with the decryption pattern. As in the first embodiment, this decryption pattern is stored in the memory 10 of the server 1 of a bank. FIG. 14 shows the transparency 11 that contains a serial number in the upper left part and further a decryption pattern which comprises opaque black areas that are not used for decryption, and randomly arranged use areas with a unique red-green random pattern. In the exemplary embodiment shown in FIG. 14, a total of ten use areas for displaying numerical characters are provided. Furthermore, the transparency comprises alignment aids 12 in three corners.

For an online banking session, an input field for an identification codeand a password is displayed on the user's screen, as shown in FIG. 15.Further, an encrypted control field with a display pattern is displayedby the bank server, the size of which corresponds to the size of thedecryption pattern of the transparency 11 and which has been generatedas described above.

After the user has entered his identification code and his password,there is displayed, as shown in FIG. 16, a request to attach, e.g.adhesively, the transparency 11 with the decryption pattern onto thescreen at the control window, and to click on the alignment aids 12.Thereupon, the server adjusts the size and position of the displaypattern in order to exactly align it to the decryption pattern. Thedecryption pattern of the transparency 11 now decrypts the displaypattern displayed by the server 1 by making visible the ten numericcharacters 0 through 9 in the use areas of the transparency 11. In orderto finalize and confirm the login procedure, the user now enters eitherthe upper or lower five-digit confirmation number, i.e. the numericsequence “0, 6, 5, 4, 7”.

As shown in FIG. 18, the user now starts the bank transaction, e.g. anonline money transfer transaction, by entering, in unencrypted form, thedetails into the corresponding fields.

Subsequently, the bank server 1 generates a display pattern which, upondecryption by the decryption pattern of the transparency 11, exhibits,in the upper row, an abbreviation of the name of the bank of thetransaction, and, in the second row, a part of the beneficiary's accountnumber. As shown in FIG. 19, the name of the beneficiary's bank isabbreviated with “SPMUS”. In the second row, the first five digits ofthe beneficiary's account number are shown. The user is prompted, byclicking on the “OK” area, to confirm that the abbreviation of the nameof the beneficiary's bank actually matches the transaction's beneficiarybank and that the first five digits of the beneficiary's account numbermatch the decrypted display in the second row of the display pattern.

Subsequently, the bank server generates a new display pattern, thedecryption of which is shown in FIG. 20. It contains, in the first row,the amount of the money transfer (without fractional digits), and adisturbing pattern to which no numeric characters can be assigned. Theuser is prompted to verify whether the amount shown in the first row ofthe decrypted display pattern matches the transaction's amount and, ifthis is the case, to enter the transaction code shown in the second rowof the decrypted display pattern. In the exemplary embodiment shown inFIG. 20, this is the code “FMRY”. This transaction code is transmittedto the bank server. From the data transmitted, the bank server can,firstly, infer that no modifications of the name of the beneficiary'sbank, the beneficiary's account number or the transaction amount havebeen made. Further, the bank server can infer that the transaction codehas been entered by the owner of a specific transparency 11 with aunique decryption pattern.

With reference to FIG. 21 through 23, the second exemplary embodiment ofthe system according to the invention and the seventh exemplaryembodiment of the method according to the invention are illustrated:

The exemplary embodiment relates to an online banking method and thedevices used therein. It is however, pointed out that the method anddevices can be used whenever data are to be securely transmittedelectronically from one data processing unit to another data processingdevice. It is remarked that the second exemplary embodiment of thesystem according to the invention and the seventh exemplary embodimentof the method according to the invention can complement the previousexemplary embodiments by making the data transmission even more secure.However, it is also possible to operate these exemplary embodiments ofthe system and method according to the invention completelyindependently from the previous exemplary embodiments. Thus, theyconstitute independent aspects of the present invention.

The data processing system for performing the online money transfer isschematically shown in FIG. 21. It comprises a first data processingunit 2 of a user, e.g. a bank customer, and as second data processingunit a bank server 1.

The data processing unit 2 of the user comprises a central computing unit 13, to which a data-index-device 14, an input device 15, an output device 16 and an index-transaction-code-device 17 are connected. Into the input device 15, at least the data to be transmitted can be entered. With the data-index-device 14, an index can be determined from the data to be transmitted as will be illustrated later. With the index-transaction-code-device 17, a transaction code can be obtained from a specific index as will also be illustrated later. With the central computing unit 13, the data to be transmitted can be linked with a transaction code obtained by the index-transaction-code-device 17. The data linked to the transaction code can then be transmitted to other data processing devices using the output device 16.

The bank server 1 comprises a central processing unit 18 to which a receiving device 20, a further data-index-device 19 and a further index-transaction-code-device 21 are connected. With the receiving device 20, data can be received from the user's data processing device 2. The units 16 and 20 can also be adapted to both send and receive data. Via the units 16 and 20, the user's data processing device 2 and the bank server 1 can establish an online connection via an electronic network like e.g. the Internet 22, or via other means for data transmission. Thus, data can be exchanged between the user's data processing device 2 and the bank server 1. The data-index-device 19 and the index-transaction-code-device 21 of the bank server 1 correspond, with respect to their function, to the respective devices 14 and 17 of the user's data processing device 2.

In the following, the online banking method according to the seventhexemplary embodiment of the method according to the invention and theembodiments of the respective devices of the data processing system areillustrated:

Initially—as means for obtaining a plurality of transaction codes from a plurality of indices—a plurality of user-specific transaction codes, particularly transaction numbers (TAN), are transmitted to a user in a manner known in principle. Exactly one index is assigned to each transaction number. Thus there is a bijective mapping between the set of transaction numbers and the set of indices. Each transaction number is only valid for one data transmission. A table 26 with transaction numbers and assigned indices is shown in FIG. 22. Such a table could be transmitted in advance in an arbitrary manner to the users for online money transfers or other transactions with the bank. Instead of the table, the user could also be provided with a device or algorithm that generates corresponding tables; in this case, the specification as to how the table 26 for a specific user is generated must be known at the bank so that the corresponding tables 26 are also known at the bank. The transmission of table 26 corresponds, in the known online banking method, to the transmission of indexed transaction numbers.

The user now wants to securely transmit data electronically to a bankserver 1. For example, he wants to perform an online money transfer to aspecific beneficiary. For this purpose, an online connection isestablished between the data processing unit 2 and the bank server 1over the Internet 22. The data processing unit 2 is then provided, bythe bank server 1, with a form 23 as shown in FIG. 23. Into this form,the user can enter data for the online money transfer using the inputdevice 15 of his data processing device 2. The form contains fields forspecifying a beneficiary, like the beneficiary's name, the bank codenumber of the beneficiary's bank, and the beneficiary's account number.Further, the amount to be transferred can be entered. Finally, the formcontains a field for entering the transaction number that the user, orrespectively his data processing unit 2, can select from the list oftable 26.

When selecting the transaction number, the following method is appliedin the exemplary embodiment described:

The index of the transaction number to which the money transfer data aresupposed to be linked, has a correlation with the data to betransmitted, i.e. with the online money transfer data in this case. Thismeans that a modification of the part of the transmitted data that isincorporated into the correlation with the index leads to a differentindex.

In the exemplary embodiment described here, the index 25 of the transaction number that is supposed to be linked to the data to be transmitted, i.e. the online money transfer data, corresponds to the last two digits of the beneficiary's account number 24. In the example shown in FIGS. 22 and 23, these are the last two digits “21”. The index 25 can easily be determined by the user on the basis of his money transfer data. However, it is also possible that the data-index-device 14 of the user's data processing device 2 automatically determines this index 25 from the money transfer data to be transmitted. Such an automated determination is particularly useful when the specification by which the index 25 is determined is more complicated than in the exemplary embodiment described here and when multiple data are incorporated into determining the index 25.

The transaction number with the index “21” is “85821745”. The user can easily read this with the aid of his table that has been previously transmitted to him, and then enter this transaction number via the input device 15. However, the table could also be stored in the user's data processing device 2. In this case, the index-transaction-code-device 17 could automatically obtain the transaction number “85821745”. The correlation between the transaction number and the index assigned to it could also be more complicated, however. For example, in the index-transaction-code-device 17 there could be stored an algorithm that generates, using an index as the input value, a transaction code as the output value.

This transaction number “85821745” is being linked to the online moneytransfer data. This is effected by the central computing unit 13 of theuser's data processing device 2. As soon as the link between thetransaction number and the online money transfer data is established,the online money transfer data can be transmitted over the Internet 22to the bank server 1 in a manner known in principle.

According to another embodiment the form 23 is generated by a programexecuted on the user's data processing device 2. The online moneytransfer data linked to the obtained transaction number can then betransmitted to the bank server 1 in a manner known in principle.

When establishing the online connection between the user's dataprocessing device 2 and the bank server the user authenticates himselfso that the bank server 1 knows by which user the money transfer dataare supposed to come. Alternatively, this information can also betransmitted together with the online money transfer data.

In order to verify that the transmission of the online money transferdata has not been manipulated, the central computing unit 18 of the bankserver 1 checks whether the transaction number linked to the onlinemoney transfer data belongs to the set of valid transaction numbers and,in case the check is positive, determines the index assigned to thistransaction number. In the exemplary embodiment shown, the index “21” isassigned to the transaction number “85821745”. This step is executed inthe index-transaction-code-device 21. Subsequently, thedata-index-device 19 of the bank server 1 determines whether this indexhas the specified correlation with the money transfer data. Here, thedata-index-device 19 uses the same method that was used when the indexof the transaction number (that was being linked to the online moneytransfer data) was determined. Thus, in the present case, the centralcomputing unit 18 of the bank server 1 determines whether the indexcorresponds to the last two digits of the beneficiary's account number.If the money transfer data have not been manipulated duringtransmission, the account number is still “58204821”, i.e. the last twodigits of this account number correspond to the index of the transactionnumber “85821745”.

Alternatively, the verification can also be performed by determining,from the transmitted data, via the specified correlation, the indexbelonging to these data, and verifying whether the index determined inthis way is a valid index and, in a second step, verifying whether thetransaction code assigned to this index is identical to the transmittedtransaction code.

Any manipulation of the last two digits of the account number,particularly during the data transmission, can thus easily be detectedat the bank. Furthermore, arbitrary further security-critical data canbe secured in this way.

If, for example through a “man-in-the-middle-attack”, the beneficiary'saccount number has been modified so that the last two digits are e.g.“03”, the data-index-device 19 and the index-transaction-code-device 21of the bank server 1 would, from this account number, via the index“03”, determine the transaction number “43883978”, as can be seen fromtable 26 of FIG. 22. This transaction number does not match thetransaction number that was linked to the money transfer data, so thatthe central computing unit 18 of the bank server 1 can easily detect themanipulation of the beneficiary data.

It is pointed out that the previously described specification by which, from the data to be transmitted, the index of the transaction number (with which transaction number the data to be transmitted are being linked) was determined is a very simple specification. However, much more complex functional correlations or algorithms could be employed here which can particularly include all data that shall be protected from a manipulation. Particularly, this could be all digits of the beneficiary's account number, and the algorithm could be a conventional check digit algorithm as used to check the correct format of an account number as a protection against typing errors or transposed digits. Further, also all digits of the beneficiary's bank code number and the beneficiary's name could be included. Further, the amount should be protected from a manipulation and thus be taken into account when determining the index 25. Here, determining the index 25 can be performed by the user himself or in a fully automated manner by the user's data processing device 2. Likewise, the verification of the received data at the bank can be performed in a fully automated manner.

Preferably, however, a specification is employed that, on one hand, is relatively secure against manipulations of the underlying data, but on the other hand can easily be reproduced by a user. E.g. for each user, individually different digits from an account number could be used as index. For user A, e.g. the 3^(rd) and 5^(th) digit of an entered account number could constitute the index, however, for user B the 2^(nd) and 6^(th) digit. Thus—contrary to the above-described method in which the last two digits of an account number have been used—even those manipulation attempts would be precluded in which a fraudster could try to obtain e.g. a hundred different account numbers having last digits 00 through 99 in order to fully cover the last-digit range between 00 and 99, in order to divert, in a “man-in-the-middle attack”, an account number entered by the user, ending e.g. with “17”, to the one of his hundred account numbers that also ends with “17”.

According to a further form of this exemplary embodiment a conventionalonline money transfer method with indexed transaction numbers is beingcombined with the method according to the invention. Here, before thedata transmission, the bank server 1 transmits to the user's dataprocessing device 2 a code which is taken into account when determiningthe index 25. For example, both this initially transmitted code and thebeneficiary's data and the amount are used as parameters in determiningthe index 25.
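The following Python example, added here and not part of the patent, implements the seventh exemplary embodiment as described above: a user-specific table 26 of indexed transaction numbers, a specification that derives the index 25 from the money transfer data, the linking of the transaction number on the user's side, and the verification on the bank server 1 including the detection of a manipulated beneficiary account number. It also covers the two refinements discussed above, the per-user choice of account-number digits and an index derived from all protected fields together with a code transmitted beforehand by the server. Apart from the values quoted in the description (account number “58204821”, index “21”, transaction number “85821745”, index “03”, transaction number “43883978”), the table entries, the bank code and the amount are constructed, and the hash-based index specification is this example's own choice, not the patent's.

```python
import hashlib
import secrets

# Constructed example of the seventh embodiment; added here, not the patent's code.
# Only the values quoted in the description are fixed ("58204821" -> index "21" ->
# TAN "85821745"; index "03" -> TAN "43883978"); every other table entry is random.

PINNED = {"21": "85821745", "03": "43883978"}


def make_tan_table(rng=None):
    """Bijective index -> TAN table for one user (the table 26 of FIG. 22).
    Indices are the two-digit strings 00..99; all 100 TANs are distinct."""
    rng = rng or secrets.SystemRandom()
    pinned = {int(v) for v in PINNED.values()}
    pool = [n for n in rng.sample(range(10**8), 102) if n not in pinned][:100]
    table = {"%02d" % i: "%08d" % n for i, n in enumerate(pool)}
    table.update(PINNED)
    return table


def positional_index(positions):
    """Index = the given (1-based) digits of the beneficiary's account number.
    positions=(7, 8) on an 8-digit number is the 'last two digits' rule of the
    text; a per-user choice such as (3, 5) defeats the 00..99 account-farming
    attack because the attacker does not know which digits are checked."""
    def index_fn(transfer, challenge=None):
        acct = transfer["account"]
        return "".join(acct[p - 1] for p in positions)
    return index_fn


def hashed_index(fields=("account", "bank_code", "amount")):
    """Index derived from all protected fields plus the server's challenge code
    (if one was sent), so that a change to any of them changes the index.
    Assumption of this example: SHA-256 reduced to two decimal digits."""
    def index_fn(transfer, challenge=None):
        msg = "|".join(str(transfer[k]) for k in fields) + "|" + (challenge or "")
        return "%02d" % (int(hashlib.sha256(msg.encode()).hexdigest(), 16) % 100)
    return index_fn


def client_sign(transfer, table, index_fn, challenge=None):
    """User side (devices 14 and 17): derive the index from the transfer data and
    link the TAN that belongs to that index to the data."""
    signed = dict(transfer)
    signed["tan"] = table[index_fn(transfer, challenge)]
    return signed


def server_verify(received, table, index_fn, used, challenge=None):
    """Bank side (devices 19 and 21): the TAN must be valid and unused, and the
    index it belongs to must equal the index recomputed from the received data."""
    by_tan = {tan: idx for idx, tan in table.items()}
    tan = received.get("tan")
    if tan not in by_tan:
        return False, "unknown TAN"
    if tan in used:
        return False, "TAN already used"
    expected = index_fn(received, challenge)
    if by_tan[tan] != expected:
        return False, "TAN index %s does not match data index %s" % (by_tan[tan], expected)
    used.add(tan)          # each TAN is valid for exactly one transmission
    return True, "ok"


# Constructed transfer; only the account number is taken from the description.
TRANSFER = {"name": "Example Beneficiary", "bank_code": "70150000",
            "account": "58204821", "amount": "250.00"}


if __name__ == "__main__":
    table = make_tan_table()
    last_two = positional_index((7, 8))
    used = set()
    signed = client_sign(TRANSFER, table, last_two)
    print("linked TAN:", signed["tan"], server_verify(signed, table, last_two, used))
    tampered = dict(signed, account="58204803")            # man-in-the-middle edit
    print("tampered:", server_verify(tampered, table, last_two, set()))
    farmed = dict(signed, account="11111121")              # attacker account ending in 21
    print("farmed, last-two rule:", server_verify(farmed, table, last_two, set()))
    per_user = positional_index((3, 5))
    print("farmed, per-user rule:",
          server_verify(dict(client_sign(TRANSFER, table, per_user), account="11111121"),
                        table, per_user, set()))
```

Two caveats a practitioner should keep in mind. First, a two-digit index means that a random modification of the protected data still has a one-in-a-hundred chance of landing on the same index, so the scheme limits an attacker rather than excluding him; the hash-based variant only spreads the index over more fields, it does not enlarge it. Second, with the plain last-two-digits rule the farmed account in the example is accepted, which is exactly the attack the per-user digit selection above is meant to close.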

If the method according to the seventh exemplary embodiment is beingcombined with one of the methods of the first six exemplary embodiments,both the transparency 11 with the decryption pattern and the transactioncodes with the assigned indices are initially transmitted to the user.The transaction code to be transmitted in order to confirm e.g. a banktransaction is then obtained as described in the seventh exemplaryembodiment of the method according to the invention. In this case,however, the input is not effected in plain text, but via the encryptedinput instructions, particularly the input mask as described in thefirst six exemplary embodiments.

1-10. (canceled)
 11. A method for transmitting data from a first dataprocessing device to a second data processing device, the first dataprocessing device comprising a display device, wherein a) the seconddata processing device generates a display pattern, and transmits it tothe first data processing device; b) the first data processing devicedisplays said display pattern on said display device; c) a transparencyis overlaid over said display pattern on said display device, whereinsaid transparency comprises a transparency pattern comprising a symbolmatrix, wherein said display pattern on said display device is suitableto fade in or fade out, respectively, specific symbols of thetransparency pattern in the visible result after the overlay, andwherein the visible result includes a first block and a second block,each block having multiple symbols highlighted; d) prompting a user ofthe first data processing device by an input instruction to look for aspecific first symbol sequence that is visibly displayed in the firstblock and to enter a second symbol sequence that appears in the secondblock and that is associated to the first symbol sequence; and e) thedata to be transmitted are input into the first data processing deviceusing said input instruction and are transmitted to the second dataprocessing device.
 12. A method according to claim 11, wherein saiddisplay pattern displayed on said display device and/or saidtransparency pattern of said transparency are color-coded.
 13. A methodaccording to claim 12, wherein said display pattern displayed on saiddisplay device and said transparency pattern of said transparency arebinary-coded in complementary colors.
 14. A method according to claim11, wherein the first data processing device corresponds to a dataprocessing device of a user and the second data processing devicecorresponds to a bank server and wherein said data transfer is suitablefor performing the money transfer to a beneficiary.
 15. A methodaccording to claim 14, wherein the specific first symbol sequencederives from digits of an account number of the beneficiary and/or fromdigits of the amount of the money transfer to the beneficiary.
 16. Amethod for transmitting data from a first data processing device to asecond data processing device, the first data processing devicecomprising a display device, wherein a) the second data processingdevice generates a display pattern, and transmits it to the first dataprocessing device; b) the first data processing device displays saiddisplay pattern on said display device; c) a transparency is overlaidover said display pattern on said display device, wherein saidtransparency comprises a transparency pattern comprising a symbolmatrix, wherein said display pattern on said display device is suitableto fade in or fade out, respectively, specific symbols of thetransparency pattern of the transparency in the visible result after theoverlay, and wherein the visible result includes a left block and aright block, the left block having multiple numeric charactershighlighted in each row and the right block having multiple alphabeticcharacters highlighted; d) prompting a user of the first data processingdevice by an input instruction to look for the row of the left block inwhich a specific numeric value is visibly displayed and to enter thosevisible alphabetic characters that appear in the right block of thevisible result in the same row; and e) the data to be transmitted areinput into the first data processing device using said input instructionand are transmitted to the second data processing device.
 17. A methodaccording to claim 16, wherein said display pattern and/or saidtransparency pattern of said transparency are color-coded.
 18. A method according to claim 17, wherein said display pattern and said decryption pattern of said transparency are color-coded in complementary colors.
 19. A method according to claim 16, wherein said method is used in conjunction with an online banking method for performing the money transfer to a beneficiary.
 20. A method according to claim 19, whereinthe numeric value to be looked for in the left block of the visibleresult consists of a part of an account number of the beneficiary.